ci: Run podman command directly without wrapping it with prepare.sh

The prepare.sh script isn't currently used and forces us to make use
of sudo to switch the user inside the container from root to $USER
which created a problem on our Debian Slim-based containers which don't
have the 'sudo' package installed.
This patch removes the sudo invocation and instead runs the CMD
directly with podman.

Summary of the changes:
- move the corresponding env variables which we need to be set in the
  environment from the sudo invocation to the podman invocation
- pass --workdir to podman to retain the original behaviour we had with
  sudo spawning a login shell.
- MESON_OPTS env variable doesn't need to be propagated to the execution
  environment anymore (like we had to do with sudo), because it's
  defined in the Dockerfile

Signed-off-by: Erik Skultety <eskultet@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Erik Skultety 2021-02-10 07:22:18 +01:00
parent 3ca7299a00
commit ee07bffacc


@ -82,7 +82,6 @@ CI_HOME_MOUNTS = \
$(NULL) $(NULL)
CI_SCRIPT_MOUNTS = \ CI_SCRIPT_MOUNTS = \
--volume $(CI_SCRATCHDIR)/prepare:$(CI_USER_HOME)/prepare:z \
--volume $(CI_SCRATCHDIR)/build:$(CI_USER_HOME)/build:z \ --volume $(CI_SCRATCHDIR)/build:$(CI_USER_HOME)/build:z \
$(NULL) $(NULL)
@ -150,6 +149,8 @@ CI_GIT_ARGS = \
# --user we execute as the same user & group account # --user we execute as the same user & group account
# as dev so that file ownership matches host # as dev so that file ownership matches host
# instead of root:root # instead of root:root
# --workdir we change to user's home dir in the container
# before running the workload
# --volume to pass in the cloned git repo & config # --volume to pass in the cloned git repo & config
# --ulimit lower files limit for performance reasons # --ulimit lower files limit for performance reasons
# --interactive # --interactive
@ -158,6 +159,11 @@ CI_ENGINE_ARGS = \
--rm \ --rm \
--interactive \ --interactive \
--tty \ --tty \
--user "$(CI_UID)":"$(CI_GID)" \
--workdir "$(CI_USER_HOME)" \
--env CI_CONT_SRCDIR="$(CI_CONT_SRCDIR)" \
--env CI_MESON_ARGS="$(CI_MESON_ARGS)" \
--env CI_NINJA_ARGS="$(CI_NINJA_ARGS)" \
$(CI_PODMAN_ARGS) \ $(CI_PODMAN_ARGS) \
$(CI_PWDB_MOUNTS) \ $(CI_PWDB_MOUNTS) \
$(CI_HOME_MOUNTS) \ $(CI_HOME_MOUNTS) \
@ -178,9 +184,8 @@ ci-prepare-tree: ci-check-engine
cp /etc/passwd $(CI_SCRATCHDIR); \ cp /etc/passwd $(CI_SCRATCHDIR); \
cp /etc/group $(CI_SCRATCHDIR); \ cp /etc/group $(CI_SCRATCHDIR); \
mkdir -p $(CI_SCRATCHDIR)/home; \ mkdir -p $(CI_SCRATCHDIR)/home; \
cp "$(CI_PREPARE_SCRIPT)" $(CI_SCRATCHDIR)/prepare; \
cp "$(CI_BUILD_SCRIPT)" $(CI_SCRATCHDIR)/build; \ cp "$(CI_BUILD_SCRIPT)" $(CI_SCRATCHDIR)/build; \
chmod +x "$(CI_SCRATCHDIR)/prepare" "$(CI_SCRATCHDIR)/build"; \ chmod +x "$(CI_SCRATCHDIR)/build"; \
echo "Cloning $(CI_GIT_ROOT) to $(CI_HOST_SRCDIR)"; \ echo "Cloning $(CI_GIT_ROOT) to $(CI_HOST_SRCDIR)"; \
git clone $(CI_GIT_ARGS) $(CI_GIT_ROOT) $(CI_HOST_SRCDIR) || exit 1; \ git clone $(CI_GIT_ARGS) $(CI_GIT_ROOT) $(CI_HOST_SRCDIR) || exit 1; \
for mod in $$(git submodule | awk '{ print $$2 }' | sed -E 's,^../,,g') ; \ for mod in $$(git submodule | awk '{ print $$2 }' | sed -E 's,^../,,g') ; \
@ -192,18 +197,10 @@ ci-prepare-tree: ci-check-engine
fi fi
ci-run-command@%: ci-prepare-tree ci-run-command@%: ci-prepare-tree
$(CI_ENGINE) run $(CI_ENGINE_ARGS) $(CI_IMAGE_PREFIX)$*$(CI_IMAGE_TAG) \ $(CI_ENGINE) run \
/bin/bash -c ' \ $(CI_ENGINE_ARGS) \
$(CI_USER_HOME)/prepare || exit 1; \ $(CI_IMAGE_PREFIX)$*$(CI_IMAGE_TAG) \
sudo \ $(CI_COMMAND)
--login \
--user="#$(CI_UID)" \
--group="#$(CI_GID)" \
MESON_OPTS="$$MESON_OPTS" \
CI_CONT_SRCDIR="$(CI_CONT_SRCDIR)" \
CI_MESON_ARGS="$(CI_MESON_ARGS)" \
CI_NINJA_ARGS="$(CI_NINJA_ARGS)" \
$(CI_COMMAND) || exit 1'
@test "$(CI_CLEAN)" = "1" && rm -rf $(CI_SCRATCHDIR) || : @test "$(CI_CLEAN)" = "1" && rm -rf $(CI_SCRATCHDIR) || :
ci-shell@%: ci-shell@%:
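Review bot: In the `ci-run-command@%` recipe, `$(CI_COMMAND)` is now expanded unquoted on the host shell's command line as the trailing arguments of `$(CI_ENGINE) run`, whereas before it sat inside the single-quoted `/bin/bash -c` script that ran in the container. Any shell operator in the value (`&&`, `;`, a pipe, a redirection) would therefore be interpreted by the host shell, outside the container, and a multi-word command now depends on host-side word splitting. The definition of CI_COMMAND and the targets that set it are outside the visible hunks, so this may be harmless today. Even so, a comment above the recipe such as `# CI_COMMAND is passed to the container as argv, not through a shell: one program plus its arguments` would record the new contract. The same make-time expansion applies to the added `--env CI_MESON_ARGS="$(CI_MESON_ARGS)"` and `--env CI_NINJA_ARGS="$(CI_NINJA_ARGS)"` lines in CI_ENGINE_ARGS, where a double quote embedded in the value would end the quoting early.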